Univention Bugzilla – Bug 41198
openssl: multiple issues (4.0)
Last modified: 2016-09-29 17:10:13 CEST
The new openssl release 1.0.1t fixes these issues:
* EVP_EncodeUpdate overflow (CVE-2016-2105)
* EVP_EncryptUpdate overflow (CVE-2016-2106)
* Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
* Memory corruption in the ASN.1 encoder (CVE-2016-2108)
* ASN.1 BIO excessive memory allocation (CVE-2016-2109)
* EBCDIC overread (CVE-2016-2176)
Created attachment 7637
openssl_patches_1.0.1f-1ubuntu2.19.tgz
Backport patches from Ubuntu 14.04 LTS (1.0.1f). Wheezy LTS will probably also prepare patches for 1.0.1e.
Upstream Debian package version 1.0.1e-2+deb7u21 contains the patches.
Tests: OK
Advisory: openssl.yaml
Verified:
* Upstream package with patches imported and built in errata4.0-5
* Package update works (amd64)
* Advisory Ok
<http://errata.software-univention.de/ucs/4.0/419.html>